772 matches found
CVE-2020-4827
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841...
CVE-2020-4825
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2020-4640
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make u...
CVE-2020-4640
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make u...
CVE-2020-4826
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840...
CVE-2020-4826
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840...
CVE-2020-4825
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
Information disclosure
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make u...
Cross site scripting
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
Input validation
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842...
Cross site request forgery (csrf)
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840...
Cross site request forgery (csrf)
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841...
CVE-2020-4828
IBM API Connect CVE-2020-4828 affects IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13, vulnerable to web cache poisoning due to improper input validation when HTTP request headers are modified. Root cause: input validation weakness in header handling. Impact: web cache poisoning pote...
CVE-2020-4828
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 189842...
CVE-2020-4827
CVE-2020-4827 affects IBM API Connect: vulnerable in IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13 to CSRF, enabling malicious actions transmitted from a trusted user. The CVSS base score is 4.3 (MEDIUM). Remediation is to upgrade to IBM API Connect 2018.4.1.15 or 10.0.1.1 (per the...
CVE-2020-4827
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189841...
CVE-2020-4826
IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 189840...
CVE-2020-4826
CVE-2020-4826 affects IBM API Connect: vulnerable in IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13, due to a cross-site request forgery flaw. The CVSS v3 base score is 4.3 (MEDIUM). Remediation is available: fixed in IBM API Connect 2018.4.1.15 and 10.0.1.1 (LI81760) per IBM bullet...
CVE-2020-4640
Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.13 configurations can result in sensitive information in the URL fragment identifiers. This information can be cached in the intermediate nodes like proxy servers, cdn, logging platforms, etc. An attacker can make u...
CVE-2020-4640
IBM API Connect is affected by CVE-2020-4640 for configurations of IBM API Connect 10.0.0.0–10.0.1.0 and 2018.4.1.0–2018.4.1.13, which can leak sensitive data in URL fragment identifiers cached by intermediaries. The IBM security bulletin lists affected versions and that remediation is available:...